There's a ransom-free fix for WannaCrypt. Oh snap, you've rebooted your XP box

Windows XP PCs infected by WannaCrypt can be decrypted without paying ransom by using a new utility dubbed Wannakey. Wannakey offers in-memory key recovery for Win XP machines infected by the infamous ransomware strain. The fix can be used to dump encryption keys from memory. This RSA private key, once recovered, can be used …

  1. Dan 55 Silver badge
    Alert

    "the antithesis of a strong and stable operating system"

    Run for your lives, the body snatchers have claimed yet another victim.

    1. Anonymous Coward

      Re: "the antithesis of a strong and stable operating system"

      We have about 50 XP machines. None of them were hit. That sounds pretty strong and stable against the 10% of Win7 that have had to be reimaged.

      1. truetalk

        Re: "the antithesis of a strong and stable operating system"

        Same here.. 20 XP machines and none hit due to port 445 being blocked in the windows firewall. We use them for tasks other than file sharing.

      2. Anonymous Coward

        Re: "the antithesis of a strong and stable operating system"

        "TCP port 445 is used for direct TCP/IP MS Networking access without the need for a NetBIOS layer. This service is only implemented in the more recent versions of Windows (e.g. Windows 2K / XP). The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2K/XP. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP, ports 137, 139 and 138/udp). In Windows 2K/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445."

        https://www.speedguide.net/port.php?port=445

    2. JoeCool Silver badge

      Re: "the antithesis of a strong and stable operating system"

      My feelings about Windows lie somewhere between "despise" and "hate". Nonetheless the "antithesis.... " comment in the article is unsubstantiated nonsense. As a desktop OS its uptime is comparable to Linux, if not quite as good. Of course, I am ruthless in minimizing changes on Windows, regardless of version.

      1. Anonymous Coward

        Re: "the antithesis of a strong and stable operating system"

        If you want true up-time, look no further than Windows 98 SE. We found a machine in our new office building that runs some proprietary software to control the air-conditioning systems across a suite of clean rooms. This thing has been running for 7 years since its last reboot!!

      2. katrinab Silver badge

        Re: "the antithesis of a strong and stable operating system"

        My Windows machines generally stay up for about a month between Patch Tuesdays. My FreeBSD machines have been up since I turned the electricity off to replace a wall socket just before Christmas.

        1. bombastic bob Silver badge
          Devil

          Re: "the antithesis of a strong and stable operating system"

          ACK on FreeBSD stability. usually a crash in FBSD is hardware related, like bad RAM or aging video or possibly a BLOB driver that has a bug in it... [or messed up power supply, had that happen a couple of times]


    3. Anonymous Coward

      Re: "the antithesis of a strong and stable operating system"

      That contained a bit of extraneous text:

      Windows XP is, of course, the antithesis of a strong and stable operating system even when it doesn't have a malware infection

      There, fixed it for you.

      I know there's a whole world out there that doesn't want to face the naked facts following the same sort of self delusion that got Trump elected, but fact is fact - even if you have spent the last, well, rough decade or so denying it. You can secure anything, but it takes a lot less effort if you don't start with a foundation of wet merengue.

      1. Anonymous Coward

        Re: "the antithesis of a strong and stable operating system"

        Can you tell me what a 'merengue' is please ?

        1. Spanners
          Go

          Re: "Can you tell me what a 'merengue' is please ?"

          I think it's a kind of dance.

    4. Mage Silver badge
      Alert

      Re: "the antithesis of a strong and stable operating system"

      The default settings were rubbish, both on Services and Network Interfaces. But that is true with EVERY version of windows.

      Properly installed, decent drivers, no rogue apps and users as users, not admin, it's totally stable and fairly secure.

      However MS has totally annoyed me with MS Office after 2003, then Win8 and Win10, so after 20 years of promoting and installing MS products, I don't care any more. Also using UNIX since 1985 and Linux since 1999, I now 100% use Linux Mint / Mate / Redmond theme on the laptop got last November, even though I paid Lenovo extra to have Win 7 pro.

  2. Mage Silver badge

    Hmm

    Would adding a fresh boot disk and re-infection give the same key or a different one?

  3. Martin Summers

    Hey at least the guy bothered. He's not asking for money for it either. If there's another similar outbreak then this tool might come in very useful for people if it can be adapted.

    1. Anonymous Coward

      this tool might come in very useful

      Maybe dumping memory contents to an external file asap on discovering an infection might become a thing.

    2. Robert Helpmann??
      Childcatcher

      What Next?

      Problem is, the next iteration will include a reboot after infection and there will be more versions of this. This looks like a version that was rushed to be put in place first. Other, more effective versions will follow as the vulns are exploited by more experienced individuals.

      1. Orv Silver badge

        Re: What Next?

        It sounds like they didn't overwrite the key in memory after sending it. This is easy to overlook, and being sure you've overwritten it might not even be possible in a heap-based language, or one that uses immutable strings.

  4. Anonymous Coward

    Strong and stable ...

    Has the OP been listening to too many election speeches by Theresa May?

    1. Rich 11 Silver badge

      Re: Strong and stable ...

      Haven't you got the message? These are the only adjectives which matter now. Use others at your peril.

      1. Dan 55 Silver badge

        Re: Strong and stable ...

        How about the operating system of chaos?

  5. Anonymous Coward

    Help! - Win7 Ports 445 / 135 just won't die...

    XP: First 2 articles below helped shut down XP outstanding open ports fine. But 3rd article for Win7 didn't go anywhere. Overall, the built-in Win7 Firewall blocks apps fine, but Port blocking isn't working:

    =========

    Port 445: (Tied into File-Sharing):

    Win7-Box-1 - Success, but can't replicate it to 2 other boxes.

    Win7-Box-2 - No joy even matching every WF.msc FS setting.

    Win7-Box-3 - No joy even matching every WF.msc FS setting.

    =========

    Port 135: (Tied into RPC):

    Win7-1 Crashes in Default-Protocols. Default-Properties already UnTicked.

    Win7-2 Default-Properties already UnTicked, no entries in Default-Protocols.

    Win7-3 Can't access menu for either Default-Properties or Default-Protocols.

    =========

    http://ssj100.fullsubject.com/t181-how-to-disable-ports-135-137-139-445-windows-xp

    https://superuser.com/questions/1025630/disable-default-vpn-ports-on-windows-500-and-4500

    http://www.drivethelife.com/windows-drivers/disable-tcp-port-135-avoid-wannacry-ransomware-windows-10-8-7-vista-xp.html

    =========

    1. Cereberus

      Re: Help! - Win7 Ports 445 / 135 just won't die...

      Or alternatively apply the Microsoft patch to stop Wannacrypt being able to use the exploit?

      Or am I just being naive?

      1. TRT

        Re: Help! - Win7 Ports 445 / 135 just won't die...

        Trust Microsoft? Hm... Trust them that the patch fixes it properly, that is.

        1. bombastic bob Silver badge
          Black Helicopters

          Re: Help! - Win7 Ports 445 / 135 just won't die...

          fix it so ONLY the NSA can exploit you...

          black helicopters! oh, NO!

      2. billium
        FAIL

        just being naive

        This update failed to install ...

        1. Eddy Ito

          Re: just being naive

          Had a similar issue here. Ultimately, on the third try, it took from the command line right after a reboot.

          1. Anonymous Coward

            Re: just being naive

            Yep, no luck with the update so far etc.

            Didn't want to overly rely on it anyhow...

  6. Doctor Syntax Silver badge

    If it relies on getting the data out of memory would this also be in the swap file if the PC hasn't been restarted? If so then there should be scope for recovering if the disk is taken out and mounted on another running system.

    1. GettinSadda

      "If it relies on getting the data out of memory would this also be in the swap file if the PC hasn't been restarted? If so then there should be scope for recovering if the disk is taken out and mounted on another running system."

      I suspect that this would only be true if the encrypting code had got swapped out of RAM before turning the machine off. Not that likely I guess.

    2. Brewster's Angle Grinder Silver badge

      It's possible to ask that memory not be swapped, e.g. because you are going to store passwords. Whether the virus did this is another matter.
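Added example, not part of the thread or of any commenter's post: the two key-handling points raised above (a key left in memory after use, and memory that can be paged to the swap file), shown as an application that holds a secret would address them. It assumes POSIX `mlock` (the Windows counterparts are `VirtualLock` and `SecureZeroMemory`); the helper names and the key bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32

/* Wipe through a volatile pointer so the compiler cannot discard the
 * stores as "dead" just because the buffer is never read again. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Count bytes that are still non-zero (used to check the wipe). */
static size_t nonzero_bytes(const unsigned char *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) n += (buf[i] != 0);
    return n;
}

/* Hypothetical helper: keeps a constructed key in a page-locked buffer,
 * wipes it after use, and returns how many key bytes remain in memory.
 * *locked reports whether the pages were actually pinned; mlock can
 * fail under a low RLIMIT_MEMLOCK, and callers should check for that. */
static size_t use_key_then_wipe(int *locked) {
    static unsigned char key[KEY_LEN];
    *locked = (mlock(key, sizeof key) == 0);   /* keep out of swap */
    memset(key, 0xA5, sizeof key);             /* constructed stand-in key */
    /* ... the key would be used here ... */
    secure_wipe(key, sizeof key);              /* wipe before releasing */
    size_t left = nonzero_bytes(key, sizeof key);
    if (*locked) munlock(key, sizeof key);
    return left;
}

int main(void) {
    int locked = 0;
    size_t left = use_key_then_wipe(&locked);
    printf("pages locked: %s, key bytes left in buffer: %zu\n",
           locked ? "yes" : "no", left);
    return left == 0 ? 0 : 1;
}
```

Wiping one buffer does not cover copies made elsewhere (library-internal state, reallocated heap blocks, hibernation files), which is the situation the comments above are speculating about.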

  7. Anonymous Coward
    Pirate

    How long before...

    They start spreading ransomware while claiming it's an antidote?

  8. John 104

    Windows XP is, of course, the antithesis of a strong and stable operating system even when it doesn't have a malware infection

    Seriously? For its day, nearly 20 years ago, it was a fine operating system. So good, in fact, that people stayed on it for as long as they have for one reason or another. Is it strong by today's standards? Of course not. But it got the job done for a lot of years for a lot of people. So ease off, eh? :)

    1. Mystic Megabyte
      FAIL

      @John 104

      I loved XP! Having started with MSDOS 2.x it was like the OS from the future. However it did have a few* problems.

      1) XP did not seem to be able to free up memory after use. Photoshop was the worst culprit, it would grab all your memory and not release it when closing. (I know that memory use could be restricted in the Photoshop preferences).

      2) Every bastard in the world wrote malware for it. XP became unusable. I ended up spending more time trying to keep it going than actually using it.

      3)* other stuff :(

      I abandoned Windows when Vista arrived, good luck to all of you who still need it.

      1. largefile

        Re: @John 104

        When you look at how many computers are running Windows today, the percentage of people having any issues on modern versions of Windows that keep them updated is pretty damn low. The pocket pen protector crowd that gathers here are far from normal. I keep coming back for the comedy of watching geeks bitch and moan.

    2. bobbear

      Agreed..

      @John 104

      Agreed. As a PC user since MSDOS days, I've had generally positive experiences with W95 XP W7 and now W10 on many machines. If you're careful what you do, (don't click on everything in sight...), disable all privacy related options, use a good NAT router, (check all ports closed with Shields Up), along with a good software firewall, AV and anti-malware & keep everything updated you'll be fine. (My Avira AV and Malware Bytes anti-malware never detect anything). I also have Linux mint on another box I use mainly for sandbox purposes, but generally W10 is the preferred choice for everyday use.

      From providing IT support, the nut on the keyboard is the most unreliable component whatever OS is used.

      There are a lot that apparently didn't take up the free W10 upgrade offer and I suspect that they are now feeling a tad foolish & bitter about it... It was pretty obvious from the outset that W10 was a bit raw, (in effect still in early development), but it should also have been clear that W10 was the right path to take after the W8 debacle and that the path was an evolutionary one and needed some patience. I've enjoyed the ride and now think that W10 has the potential to be the best Windows version to date.

  9. GrapeBunch

    Hibernate?

    If it is not in the swap file, could it be recovered from hibernate? Just a thought. Although if faced with that situation, I might have hoped to recover the previous configuration from the existing hibernate file.

    I thought XP one of the better incarnations, along with 2000, 98 SE and 7. Much less good were ME, Vista, and 8.0 which I luckily managed mostly to avoid. Relatively speaking, as always. And excluding current reality. In the day, I liked OS/2, but work required Win95.

  10. 2Fat2Bald

    I would imagine that most people - upon finding they're infected - leap for the power button immediately.
